firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2021-0172,0329,0330] 그누보드 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2021-03-16 11:09:42 +09:00
parent 086a1738d9
commit 0139d91ac9
3 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
adm/qa_config_update.php
View File

@ -61,9 +61,17 @@ if( function_exists('filter_input_include_path') ){
$qa_include_tail = filter_input_include_path($qa_include_tail);
}
// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
$src_char = array('&', '=');
$dst_char = array('', '〓');
$qa_category = str_replace($src_char, $dst_char, $_POST['qa_category']);
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$qa_category = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $qa_category);
$sql = " update {$g5['qa_config_table']}
set qa_title = '{$_POST['qa_title']}',
qa_category = '{$_POST['qa_category']}',
qa_category = '{$qa_category}',
qa_skin = '{$_POST['qa_skin']}',
qa_mobile_skin = '{$_POST['qa_mobile_skin']}',
qa_use_email = '{$_POST['qa_use_email']}',